Program analyses often lack robustness in the face of code changes. This work introduces, for the first time, a unified framework grounded in category theory that formalizes programs and their properties as categorical objects, capturing various forms of robustness—such as variable renaming and semantic refinement—via structure-preserving functors. Two implementation pathways are proposed: one lifts constructions from restricted computational models to general-purpose programs, while the other ensures stability in the composition of robust operators within algebraic program analyses. The framework not only uncovers common principles underlying loop summarization and termination analysis but also provides a theoretical foundation and predictability guarantees for developing program analyses that are more resilient to program transformations.

Users of program analyses expect that results change predictably in response to changes in their programs, but many analyses fail to provide such robustness. This paper introduces a theoretical framework that provides a unified language to articulate robustness properties. By modeling programs and their properties as objects in a category, diverse notions of robustness-from variable renaming to semantic refinement and structural transformation-can be characterized as structure-preserving functors. Beyond formulating the meaning of robustness, this paper provides methods for achieving it. The first is a general recipe for designing robust analyses, by lifting a sound and robust analysis from a restricted (sub-Turing) model of computation to a sound and robust analysis for general programs. This recipe demystifies the design of several existing loop summarization and termination analyses by showing they are instantiations of this general recipe, and furthermore elucidates their robustness properties. The second is a characterization of a sense in which an algebraic program analysis is robust, provided that it is comprised of robust operators. In particular, we show that such analyses behave predictably under common refactoring patterns, such as variable renaming and loop unrolling.